CVE-2024-56199

MediumPublic PoC

Published: 02 January 2025

Published

02 January 2025

Modified

14 August 2025

KEV Added

—

Patch

—

CVSS Score 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L

EPSS Score 0.0020 41.7th percentile

Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Description

phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of the FAQ page's user interface. By injecting malformed HTML elements styled to cover the entire screen, an attacker can render the page unusable. This injection manipulates the page structure by introducing overlapping buttons, images, and iframes, breaking the intended layout and functionality. Exploiting this issue can lead to Denial of Service for legitimate users, damage to the user experience, and potential abuse in phishing or defacement attacks. Version 4.0.2 contains a patch for the vulnerability.

Security Summary

CVE-2024-56199 is an HTML injection vulnerability in phpMyFAQ, an open source FAQ web application. It affects versions starting no later than 3.2.10 and prior to 4.0.2, specifically in the FAQ editor at the endpoint /admin/index.php?action=editentry. Attackers can inject malicious HTML content that manipulates the page structure with malformed elements like overlapping buttons, images, and iframes styled to cover the entire screen, resulting in complete disruption of the FAQ page's user interface.

Exploitation requires network access, low complexity, high privileges (PR:H), and user interaction (UI:R), as reflected in its CVSS score of 5.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L). A privileged attacker, such as one with admin access to the editor, can render the page unusable for legitimate users, leading to denial of service, damage to user experience, and potential phishing or defacement attacks. The issue is linked to CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page).

The GitHub security advisory (GHSA-ww33-jppq-qfrp) documents the vulnerability, and phpMyFAQ version 4.0.2 includes a patch to mitigate it.

Details

CWE(s): CWE-79CWE-80

Affected Products

phpmyfaq

3.2.10 — 4.0.2

References

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-ww33-jppq-qfrp
Exploit, Vendor Advisory · security-advisories@github.com